Disassemble Tool

1 file

作用:file 试图通过检查文件中的某些特定字段来确认文件的类型
!Note: 绝不要根据文件的拓展名来确定文件的类型

i.e.: 下例为一个C文件,改变文件名hello.chello.py

#include 

int main()
{
   printf("%s", "Hello, world!\n");
}

终端敲入file命令,仍能识别出C文件

$ file hello.py
hello.py: C source, ASCII text

原因是因为某些文件类型会有特有的标签值(幻数).幻数是一些文件格式规范所要求的特殊标签值, 它表示文件符合这种规范

, file命令还可识别静态链接和动态链接的二进制文件

$ gcc hello.c -o hello_dynamic
$ gcc hello.c --static  -o hello_static
alphacoco@alphacoco:~$ file hello_*
hello_dynamic: ELF 64-bit LSB  executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.24, BuildID[sha1]=ac9e7d1f4e315b4ce9e0d52244ddd3bef9f832d9, not stripped
hello_static:  ELF 64-bit LSB  executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.24, BuildID[sha1]=64b654d990d32efb735a1f42695ff468921d64e0, not stripped


2 nm

作用: 列举目标文件中(.o扩展名)的符号

写一个hello.c文件:

#include 

int main()
{
    printf("%s", "Hello, world!\n");
}

然后测试命令

$ gcc -c hello.c
$ nm hello.o
0000000000000000 T main
                 U puts

$ gcc hello.c -o hello
$ nm hello
0000000000601040 B __bss_start
0000000000601040 b completed.6973
0000000000601030 D __data_start
0000000000601030 W data_start
0000000000400470 t deregister_tm_clones
00000000004004e0 t __do_global_dtors_aux
0000000000600e18 t __do_global_dtors_aux_fini_array_entry
0000000000601038 D __dso_handle
0000000000600e28 d _DYNAMIC
0000000000601040 D _edata
0000000000601048 B _end
00000000004005b4 T _fini
0000000000400500 t frame_dummy
0000000000600e10 t __frame_dummy_init_array_entry
00000000004006f8 r __FRAME_END__
0000000000601000 d _GLOBAL_OFFSET_TABLE_
                 w __gmon_start__
00000000004003e0 T _init
0000000000600e18 t __init_array_end
0000000000600e10 t __init_array_start
00000000004005c0 R _IO_stdin_used
                 w _ITM_deregisterTMCloneTable
                 w _ITM_registerTMCloneTable
0000000000600e20 d __JCR_END__
0000000000600e20 d __JCR_LIST__
                 w _Jv_RegisterClasses
00000000004005b0 T __libc_csu_fini
0000000000400540 T __libc_csu_init
                 U __libc_start_main@@GLIBC_2.2.5
000000000040052d T main
                 U puts@@GLIBC_2.2.5
00000000004004a0 t register_tm_clones
0000000000400440 T _start
0000000000601040 D __TMC_END__

3 strings

作用: 提取文件中的字符串内容

下例为提取可执行文件(二进制文件)中的字符串内容

$ strings hello
/lib64/ld-linux-x86-64.so.2
N1[L
libc.so.6
puts
__libc_start_main
__gmon_start__
GLIBC_2.2.5
UH-@
UH-@
[]A\A]A^A_
Hello, world!
;*3$"
GCC: (Ubuntu 4.8.4-2ubuntu1~14.04.3) 4.8.4
.symtab
.strtab
.shstrtab
.interp
.note.ABI-tag
.note.gnu.build-id
.gnu.hash
.dynsym
.dynstr
.gnu.version
.gnu.version_r
.rela.dyn
.rela.plt
.init
.text
.fini
.rodata
.eh_frame_hdr
.eh_frame
.init_array
.fini_array
.jcr
.dynamic
.got
.got.plt
.data
.bss
.comment
crtstuff.c
__JCR_LIST__
deregister_tm_clones
register_tm_clones
__do_global_dtors_aux
completed.6973
__do_global_dtors_aux_fini_array_entry
frame_dummy
__frame_dummy_init_array_entry
hello.c
__FRAME_END__
__JCR_END__
__init_array_end
_DYNAMIC
__init_array_start
_GLOBAL_OFFSET_TABLE_
__libc_csu_fini
_ITM_deregisterTMCloneTable
data_start
puts@@GLIBC_2.2.5
_edata
_fini
__libc_start_main@@GLIBC_2.2.5
__data_start
__gmon_start__
__dso_handle
_IO_stdin_used
__libc_csu_init
_end
_start
__bss_start
main
_Jv_RegisterClasses
__TMC_END__
_ITM_registerTMCloneTable
_init

可见, 字符串 Hello, world 就在其中!

4 ldd

ldd: list dynamic dependencies
作用: 可用来列举任何可执行文件所需的动态库

仍采用上例中的hello.c文件

$ ldd hello
    linux-vdso.so.1 =>  (0x00007fffb2f72000)
    libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f996632e000)
    /lib64/ld-linux-x86-64.so.2 (0x0000556dd5cf0000)

你可能感兴趣的:(Disassemble Tool)